December 16, 2025
Pickle panic in AI land
AIsbom – open-source CLI to detect "Pickle Bombs" in PyTorch models
New tool sniffs out booby‑trapped AI models as devs split between “finally!” and “good luck”
TLDR: AIsbom scans AI model files to catch hidden code that runs on load and buried “non‑commercial” licenses. The community is split: some cheer the focus on model binaries, while others say the checks are too basic or that pickle should be banned entirely, highlighting real risks in everyday AI downloads.
An open‑source tool called AIsbom just marched into the machine‑learning world promising to catch “pickle bombs”—sneaky code hidden inside AI model files that can run the moment you load them. The creator, lab700xdev, warns that we scan dependencies but “blindly trust” those 5GB mystery model downloads from Hugging Face. AIsbom peeks inside PyTorch and SafeTensors files, flags scary calls like os.system (remote code execution), and even surfaces hidden “non‑commercial” licenses tucked in headers—no heavy model loading required. There’s a slick offline viewer, too, because reading JSON is nobody’s idea of fun.
Cue the drama. Old‑school security voice chuckadams drops the classic rule: never unpickle what you didn’t pickle yourself, doubting any tool can do what Java’s bytecode verifier couldn’t. woodruffw calls the checks “pretty minimal,” plugging fickling for deeper pickle analysis—industry tea spilled with a “former employer” disclaimer. Then esafak strolls in and slams the door: Pickle has no place in production. Mic dropped. Meanwhile, roywiggins roasts the readme for sounding “very ChatGPT,” sparking a meta‑debate over security vs. marketing fluff.
Fans cheer that someone’s finally scanning model binaries, not just requirements.txt. Skeptics warn you can’t patch bad serialization with vibes. And the memes? Think “zip bombs but for AI,” jokes about RCE meaning “Really Creepy Energy,” and side‑eyes at the Hugging Face buffet of mystery meat. It’s security alarms meets licensing landmines—and the comments are the sirens.
Key Points
- AIsbom scans ML model artifacts (.pt, .pkl, .safetensors) to detect security risks (RCE) and hidden license restrictions.
- Installation is via PyPI (aisbom-cli), and scanning produces terminal risk assessments plus a CycloneDX v1.6 sbom.json with SHA-256 hashes.
- PyTorch .pt files can contain Pickle bytecode that executes on load; AIsbom uses static analysis to disassemble and check for dangerous calls.
- The tool includes an offline web viewer (aisbom.io/viewer.html) to visualize SBOMs without uploading data.
- AIsbom offers test artifact generation to validate detection, and features fast, header-only scanning without loading weights into RAM.
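To show what "static analysis of the pickle bytecode without loading the model" looks like in practice, here is an added example (not AIsbom's code) that disassembles pickle streams with the standard library's pickletools, flags imports on an assumed denylist, and applies that to a constructed .pt-style zip without ever calling torch.load or pickle.loads. The denylist, the sample byte strings and the archive layout are assumptions made for this illustration.

```python
import io
import pickle
import pickletools
import zipfile

# Assumed denylist for this example (a real scanner keeps a fuller one); os.system
# pickles as posix.system / nt.system, so those aliases are listed too.
DANGEROUS_GLOBALS = {
    ("os", "system"), ("posix", "system"), ("nt", "system"), ("os", "popen"),
    ("subprocess", "Popen"), ("subprocess", "run"), ("builtins", "eval"), ("builtins", "exec"),
}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE", "BINUNICODE",
              "SHORT_BINUNICODE", "BINUNICODE8"}

def find_dangerous_globals(data: bytes) -> list[tuple[str, str]]:
    """Disassemble with pickletools.genops (nothing is unpickled) and return
    every denylisted (module, name) import the stream references."""
    findings, recent_strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            recent_strings.append(arg)
        elif op.name in ("GLOBAL", "INST"):  # protocols 0-3 carry "module name" inline
            module, name = arg.split(" ", 1)
            if (module, name) in DANGEROUS_GLOBALS:
                findings.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            module, name = recent_strings[-2:]  # protocol 4+: pushed as two strings first
            if (module, name) in DANGEROUS_GLOBALS:
                findings.append((module, name))
    return findings

def scan_pt_archive(blob: bytes) -> dict[str, list[tuple[str, str]]]:
    """A .pt checkpoint is a zip: inspect only *.pkl members, skip tensor storage."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {n: find_dangerous_globals(zf.read(n)) for n in zf.namelist() if n.endswith(".pkl")}

# Constructed samples: a benign state dict, and two hand-assembled streams that only
# reference os.system (GLOBAL form, then STACK_GLOBAL form). Nothing here is loaded.
BENIGN_PICKLE = pickle.dumps({"layer.weight": [0.1, 0.2]}, protocol=2)
SUSPICIOUS_P2 = b"\x80\x02cos\nsystem\nq\x00."
SUSPICIOUS_P4 = b"\x80\x04\x8c\x02os\x8c\x06system\x93."

def build_sample_checkpoint(pkl: bytes) -> bytes:
    """Constructed .pt-style archive: data.pkl plus a dummy storage blob and version."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/data.pkl", pkl)
        zf.writestr("model/data/0", b"\x00" * 16)
        zf.writestr("model/version", b"3\n")
    return buf.getvalue()
```

The recent-strings heuristic for STACK_GLOBAL is deliberately simple; a production scanner would track the full pickle stack, as fickling does.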